Bypassing Malware VM Detection: Spoofing a CPU Fan via Custom SMBIOS

2025-06-30

Malware often checks for hardware components that virtual machines typically do not emulate (such as a CPU fan) and treats their absence as a sign of an analysis environment. This post details how to bypass that detection by modifying the virtual machine's SMBIOS data to spoof a CPU fan. The author explains the steps for both Xen and QEMU/KVM environments, including obtaining the existing SMBIOS data, creating a custom SMBIOS file, and configuring the VM to use it. The post also highlights that on Xen the SMBIOS Type 28 (temperature probe) data must be handled as well for the WMI deception to succeed.

Development